Security News > 2023 > March > New CISA tool detects hacking activity in Microsoft cloud services
The U.S. Cybersecurity & Infrastructure Security Agency has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.
Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.
"Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer's Azure Active Directory, Azure, and M365 environments," CISA says.
"Untitled Goose Tool gathers additional telemetry from Microsoft Defender for Endpoint and Defender for Internet of Things."
Export and review AAD sign-in and audit logs, M365 unified audit log, Azure activity logs, Microsoft Defender for IoT alerts, and Microsoft Defender for Endpoint data for suspicious activity.
The cybersecurity agency previously released in June 2021 a new module for its Cyber Security Evaluation Tool known as Ransomware Readiness Assessment to help organizations assess their readiness to prevent and recover from ransomware attacks.
News URL
Related news
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- CISA, NSA share best practices for securing cloud services (source)
- Microsoft to shut down 50 cloud services for Russian businesses (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- CISA tags Microsoft SharePoint RCE bug as actively exploited (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- CISA orders agencies impacted by Microsoft hack to mitigate risks (source)